We’re going to use an ORM tool with a .NET desktop application. The tool allows creation of persistent classes. It generates all database tables automatically.
In addition to other data, our system needs to store user credentials, and deliver access control.
The question is, is there any possibility of access control by means of ORM, without creating the database authentication mechanisms manually? Is there any product on the market which allows this?
We thought of limiting the access in the program itself, but users can easily access the database directly, and bypass the program limitations.
Thanks.
I assume you mean authentication on the domain objects, which filters back up to the UI, rather than database-access authentication. From the ORMs I’ve tried, I haven’t found any that include role-based authentication on the domain objects, this is usually the job of some other aspect of the system.
You could look at one of the AoP frameworks available, Postsharp is one of the popular ones, here’s one of the Postsharp examples:
Alternatively you could build your own attributes that you decorate your domain objects with, providing each with a role or roles it requires.